#
# Symmetric Encryption for Ruby
#
---
# For the development and test environments the test symmetric encryption keys
# can be placed directly in the source code.
# And therefore no key encryption key is required
development:   &development_defaults
  key:         1234567890ABCDEF
  iv:          1234567890ABCDEF
  cipher_name: aes-128-cbc
  encoding:    :base64strict

test:
  <<: *development_defaults

<%
rsa_key       = SymmetricEncryption::KeyEncryptionKey.generate
cipher_conf   = SymmetricEncryption::Cipher.generate_random_keys(private_rsa_key: rsa_key, encrypted_key: '', encrypted_iv: '')
cipher_name   = cipher_conf[:cipher_name]
encrypted_iv  = cipher_conf[:encrypted_iv]
encrypted_key = cipher_conf[:encrypted_key]

puts "\n\n********************************************************************************"
puts "Add the release environment key to Heroku: (Optional)\n\n"
puts "  heroku config:add RELEASE_KEY1=#{encrypted_key}\n\n"
puts "\n\n********************************************************************************"
puts "Add the release environment key to Heroku: (Optional)\n\n"
puts "  heroku config:add RELEASE_IV1=#{encrypted_iv}\n\n"
-%>
release:
  # Key encryption key
  # Key used to secure the encryption key when it is stored in a file or encrypted.
  private_rsa_key: |
<%= rsa_key.each_line.collect { |line| "    #{line}" }.join('') %>

  # List Symmetric Key files in the order of current / latest first
  ciphers:
    -
      # Filename containing Symmetric Encryption Key encrypted using the
      # key encryption key above (private_rsa_key).
      encrypted_key:     "<%= '<' + "%= ENV['RELEASE_KEY1'] %" + '>' %>"
      encrypted_iv:      "<%= '<' + "%= ENV['RELEASE_IV1'] %" + '>' %>"
      cipher_name:       <%=  cipher_name %>
      encoding:          :base64strict
      version:           1
      always_add_header: true

<%
rsa_key       = SymmetricEncryption::KeyEncryptionKey.generate
cipher_conf   = SymmetricEncryption::Cipher.generate_random_keys(private_rsa_key: rsa_key, encrypted_key: '', encrypted_iv: '')
cipher_name   = cipher_conf[:cipher_name]
encrypted_iv  = cipher_conf[:encrypted_iv]
encrypted_key = cipher_conf[:encrypted_key]

puts "Add the production key to Heroku:\n\n"
puts "  heroku config:add PRODUCTION_KEY1=#{encrypted_key}\n\n"
puts "********************************************************************************\n\n\n"
puts "Add the production key to Heroku:\n\n"
puts "  heroku config:add PRODUCTION_IV1=#{encrypted_iv}\n\n"
puts "********************************************************************************\n\n\n"
-%>
production:
  # Since the encryption key must NOT be stored along with the
  # source code, only store the key encryption key here.
  private_rsa_key: |
<%= rsa_key.each_line.collect { |line| "    #{line}" }.join('') %>

  # List Symmetric Key files in the order of current / latest first
  ciphers:
    -
      # Encrypted key is supplied via an environment variable.
      encrypted_key:     "<%= '<' + "%= ENV['PRODUCTION_KEY1'] %" + '>' %>"
      encrypted_iv:      "<%= '<' + "%= ENV['PRODUCTION_IV1'] %" + '>' %>"
      cipher_name:       <%=  cipher_name %>
      encoding:          :base64strict
      version:           1
      always_add_header: true